OAR 836-080-0519
Information to be Included in Initial Privacy Notice


(1)

This rule implements the requirement of the initial notice under ORS 746.620 (Notice of insurance information practices), describes the contents of the initial notice and provides examples of categories of information required in the notice.

(2)

The following are examples of categories of personal information collected by a licensee. A licensee satisfies the requirement of categorizing the personal information it collects if the licensee categorizes it according to the source of the information, including, for example:

(a)

Information from the consumer;

(b)

Information about the consumer’s transactions with the licensee or its affiliates;

(c)

Information about the consumer’s transactions with nonaffiliated third parties; and

(d)

Information from an insurance support organization.

(3)

The following are examples of categories of personal information disclosed by a licensee:

(a)

A licensee satisfies the requirement of categorizing personal information it discloses if the licensee categorizes the information according to source, as described in section (2) of this rule, as applicable, and provides a few examples to illustrate the types of information in each category. These may include:

(A)

Information from the consumer, including application information such as assets and income and identifying information such as name, address and social security number;

(B)

Transaction information, such as information about balances, payment history and parties to the transaction; and

(C)

Information from consumer reporting agencies, such as a consumer’s creditworthiness and credit history.

(b)

A licensee does not adequately categorize the information that it discloses if the licensee uses only general terms, such as transaction information about the consumer.

(c)

If a licensee may disclose all of the personal information about consumers that it collects, the licensee may simply state that fact without describing the categories or examples of personal information that the licensee discloses.

(4)

The following are examples for describing categories of affiliated and nonaffiliated third parties to which a licensee discloses information:

(a)

A licensee satisfies the requirement of categorizing the affiliates and nonaffiliated third parties to which the licensee discloses personal information about consumers if the licensee identifies the types of business in which they engage.

(b)

Types of businesses may be described by general terms only if the licensee uses a few illustrative examples of significant lines of business. For example, a licensee may use the term financial products or services if it includes appropriate examples of significant lines of businesses, such as life insurer, automobile insurer, consumer banking or securities brokerage.

(c)

A licensee may also categorize the affiliates and nonaffiliated third parties to which it discloses personal information about consumers using more detailed categories.

(5)

A privacy notice shall include an explanation of the consumer’s right under ORS 746.665 (Limitations and conditions on disclosure of certain information)(1)(k) to opt out of the disclosure of personal information to nonaffiliated third parties, including the method by which the consumer may exercise that right at that time. The following are examples of disclosures under the exception for joint marketers under 746.665 (Limitations and conditions on disclosure of certain information)(1)(k). If a licensee discloses personal information under the exception in 746.665 (Limitations and conditions on disclosure of certain information)(1)(k) to a nonaffiliated third party to market products or services that it offers alone or jointly with another financial institution, the licensee satisfies the applicable disclosure requirement of this rule if the licensee:

(a)

Lists the categories of personal information it discloses, using the same categories and examples the licensee used to meet the requirements of section (1) of this rule.

(b)

States whether the third party is:

(A)

A service provider that performs marketing services on the licensee’s behalf or on behalf of the licensee and another financial institution; or

(B)

A financial institution with whom the licensee has a joint marketing agreement.

(6)

If a licensee does not disclose personal information about customers or former customers to affiliates or nonaffiliated third parties except as authorized under ORS 746.665 (Limitations and conditions on disclosure of certain information)(1)(a) to (k) and (m) to (q), and under 746.665 (Limitations and conditions on disclosure of certain information)(1)(L) in connection with an audit, the licensee may simply state that fact, in addition to the information it is required to provide under 746.620 (Notice of insurance information practices)(3)(a), (h), (i) and (j) and (4).

(7)

A licensee describes its policies and practices relating to protection of the confidentiality and security of personal information if it does both of the following:

(a)

Describes in general terms who is authorized to have access to the information; and

(b)

States whether the licensee has security practices and procedures in place to ensure the confidentiality of the information in accordance with the licensee’s policy. The licensee is not required to describe technical information about the safeguards it uses.

(8)

An abbreviated notice authorized by ORS 746.620 (Notice of insurance information practices)(5) must include in full the elements of the notice required by the federal Gramm-Leach-Bliley Act of 1999 for the purpose of compliance with that law and shall also include the information referred to in section (5) of this rule and in 746.620 (Notice of insurance information practices)(5). The licensee shall deliver its abbreviated notice according to OAR 836-080-0536 (Delivery). The licensee is not required to deliver its privacy notice with its abbreviated notice. The licensee instead may provide the consumer a reasonable means to obtain its privacy notice as described in 836-080-0536 (Delivery)(9). If a consumer who receives the licensee’s abbreviated notice requests the licensee’s privacy notice, the licensee shall deliver its privacy notice according to 836-080-0536 (Delivery).

(9)

A licensee’s initial privacy notice may include any of the following:

(a)

Categories of personal information that the licensee reserves the right to disclose in the future but does not currently disclose; and

(b)

Categories of affiliates or nonaffiliated third parties to whom the licensee reserves the right in the future to disclose, but to whom the licensee does not currently disclose, personal information.

Source: Rule 836-080-0519 — Information to be Included in Initial Privacy Notice, https://secure.­sos.­state.­or.­us/oard/view.­action?ruleNumber=836-080-0519.

836‑080‑0001
Statutory Authority
836‑080‑0005
Definitions
836‑080‑0014
Duties of Agent
836‑080‑0022
Duties of Insurers that Use Agents Insurance Producers
836‑080‑0029
Duties of Replacing Insurers that Use Agents
836‑080‑0034
Duties of the Existing Insurer
836‑080‑0039
Duties of Insurers with Respect to Direct Response Solicitations
836‑080‑0043
Violations and Penalties
836‑080‑0050
Authority
836‑080‑0055
Unfair Discrimination Identified
836‑080‑0080
Definition, Claims Handling Services
836‑080‑0085
Annual Report
836‑080‑0090
Suitability in the Sale of Life Insurance
836‑080‑0105
Statutory Authority
836‑080‑0110
Applicability
836‑080‑0115
Definitions
836‑080‑0120
Statement as to Participation Required Upon Request Before Delivery of Policy
836‑080‑0125
Prohibited Representations Regarding Participation Rights
836‑080‑0130
Dividend Statement Permitted
836‑080‑0135
Dividend Rights Accrue Upon Declaration of Dividends
836‑080‑0140
Unfair Discrimination in Allocation of Dividends Prohibited
836‑080‑0145
Unfair Forfeiture of Dividend for Failure to Renew Prohibited
836‑080‑0150
Policyholder Dividend Rights of Group Members and Dividend Group Policyholders
836‑080‑0155
False or Deceptive Publications by Insurer Prohibited
836‑080‑0160
Use of Special Certifications and Professional Designations by Insurance Producers
836‑080‑0165
Notice of Insurance Division Assistance
836‑080‑0170
Statutory Authority
836‑080‑0172
Applicability
836‑080‑0175
Exemptions
836‑080‑0178
Definitions
836‑080‑0180
Duties of Insurers and of Insurance Producers
836‑080‑0183
Insurance Producer Training
836‑080‑0185
Compliance Mitigation
836‑080‑0188
Recordkeeping
836‑080‑0190
Annuity Sales
836‑080‑0193
Effective Date and Operative Date
836‑080‑0200
Electronic Payment of Claims
836‑080‑0205
Statutory Authority, Purpose, and Applicability
836‑080‑0210
Definitions
836‑080‑0215
Claim Files
836‑080‑0220
Misrepresentation and Other Prohibited Claim Practices
836‑080‑0225
Required Claim Communication Practices
836‑080‑0230
Standard for Prompt Claim Investigation
836‑080‑0235
Standards for Prompt and Fair Settlements — Generally
836‑080‑0240
Standards for Prompt and Fair Total Loss Settlements — Automobile Insurance
836‑080‑0250
Workers’ Compensation Insurance Unfair Claim Settlement Practices Standards
836‑080‑0305
Statutory Authority
836‑080‑0310
Definitions
836‑080‑0315
Providing Things of Value to Intermediaries Generally Prohibited
836‑080‑0320
Miscellaneous Things of Value
836‑080‑0325
Business Development Activities
836‑080‑0335
Gifts
836‑080‑0337
Real Property Information
836‑080‑0340
Assistance in Qualifying a Subdivision
836‑080‑0345
Automatic Change in Monetary Limits
836‑080‑0355
Title Insurer Responsible for Violations by Agent
836‑080‑0360
Use by Title Company of an Intermediary’s Office
836‑080‑0365
Filing Escrow Rates Required
836‑080‑0370
Instruction of Title Company Employees About Rules Required
836‑080‑0425
Applicability
836‑080‑0430
Disclosure of Use of Credit History or Insurance Scores
836‑080‑0435
Policies Governing Credit Histories and Insurance Scores
836‑080‑0436
Absence of or Inability to Determine Credit History
836‑080‑0438
Definition of Adverse Underwriting Decision
836‑080‑0440
Unfair Insurance Trade Practice
836‑080‑0501
Authority
836‑080‑0506
Definitions and Examples
836‑080‑0511
Application of Notice Requirements
836‑080‑0516
Initial Notice to Consumers
836‑080‑0519
Information to be Included in Initial Privacy Notice
836‑080‑0523
Annual Notice
836‑080‑0526
Information to be Included in Annual Notice
836‑080‑0531
Revised Privacy Notices
836‑080‑0536
Delivery
836‑080‑0541
Opt in Notice
836‑080‑0546
Limits on Sharing Account Number Information for Marketing Purposes
836‑080‑0551
Authorization Request Delivery
836‑080‑0600
Authority
836‑080‑0610
Definitions and Examples
836‑080‑0615
Personal Information Notice
836‑080‑0620
Notice of Personal Financial Information Practices
836‑080‑0625
Alternative Procedures
836‑080‑0630
Application of Notice Requirements
836‑080‑0635
Initial Notice to Consumers
836‑080‑0640
Information to Be Included in Initial Privacy Notice
836‑080‑0645
Annual Notice
836‑080‑0650
Information to Be Included in Annual Notice
836‑080‑0655
Revised Privacy Notices
836‑080‑0660
Delivery
836‑080‑0665
Authorization
836‑080‑0670
Authorization Exemptions
836‑080‑0675
Disclosure Without Authorization
836‑080‑0680
Opt in Notice
836‑080‑0685
Limits on Sharing Account Number Information for Marketing Purposes
836‑080‑0690
Authorization Request Delivery
836‑080‑0695
Access to Recorded Personal Information
836‑080‑0700
Correction, Amendment or Deletion of Recorded Personal Information
836‑080‑0750
Purpose
836‑080‑0755
Application of OAR 836-080-0750 to 836-080-0775
836‑080‑0760
Definitions for OAR 836-080-0750 to 836-080-0775
836‑080‑0765
Practices Declared False, Misleading, Deceptive or Unfair on a Military Installation
836‑080‑0770
Practices Declared False, Misleading, Deceptive or Unfair, Regardless of Location
836‑080‑0775
Severability
836‑080‑0800
Definitions
836‑080‑0805
Statutory Authority, Purpose, and Applicability
836‑080‑0810
Provision of Commercial Loss Runs
Last Updated

Jun. 8, 2021

Rule 836-080-0519’s source at or​.us